mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-10-20 14:12:10 -04:00
f2aba67374
This allows configuring the group and mode of the unix socket after it has been created to allow reverse proxies to access it. Fixes #317. I decided to call `chown` and `chgrp` directly to change the owner and group (the former will almost definitely not be called; only root can chown a file to another user, and you are not running codimd as root. It is included for consistency). The nodejs chown/chgrp functions only accepts uid and gid, not the names of the user or group. The standard way to convert a group name into a gid is the `uid-number` package. The way this package works is that 1. It spawns a new nodejs process 2. The new nodejs process calls nodejs' setgid function, which *does* accept both the group name and gid 3. It then calls getuid to retrieve the uid of the process, and returns it to the parent process via stdout. While this *works*, it is hacky, and if we are spawning a process anyway, might as well call `chgrp` directly. This does not update the documentation because we are merging into release/2.0.x but master reworks the configuration section of the documentation, so there will be a conflict when we merge anyway. Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
138 lines
5.5 KiB
TypeScript
138 lines
5.5 KiB
TypeScript
import { toArrayConfig, toBooleanConfig, toIntegerConfig } from './utils'
|
|
|
|
export const environment = {
|
|
sourceURL: process.env.CMD_SOURCE_URL,
|
|
domain: process.env.CMD_DOMAIN,
|
|
urlPath: process.env.CMD_URL_PATH,
|
|
host: process.env.CMD_HOST,
|
|
port: toIntegerConfig(process.env.CMD_PORT),
|
|
path: process.env.CMD_PATH,
|
|
socket: {
|
|
group: process.env.CMD_SOCKET_GROUP,
|
|
owner: process.env.CMD_SOCKET_OWNER,
|
|
mode: process.env.CMD_SOCKET_MODE
|
|
},
|
|
loglevel: process.env.CMD_LOGLEVEL,
|
|
urlAddPort: toBooleanConfig(process.env.CMD_URL_ADDPORT),
|
|
useSSL: toBooleanConfig(process.env.CMD_USESSL),
|
|
hsts: {
|
|
enable: toBooleanConfig(process.env.CMD_HSTS_ENABLE),
|
|
maxAgeSeconds: toIntegerConfig(process.env.CMD_HSTS_MAX_AGE),
|
|
includeSubdomains: toBooleanConfig(process.env.CMD_HSTS_INCLUDE_SUBDOMAINS),
|
|
preload: toBooleanConfig(process.env.CMD_HSTS_PRELOAD)
|
|
},
|
|
csp: {
|
|
enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
|
|
reportURI: process.env.CMD_CSP_REPORTURI
|
|
},
|
|
protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
|
|
allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
|
|
useCDN: toBooleanConfig(process.env.CMD_USECDN),
|
|
allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
|
|
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
|
|
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
|
|
forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
|
|
defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
|
|
dbURL: process.env.CMD_DB_URL,
|
|
sessionSecret: process.env.CMD_SESSION_SECRET,
|
|
sessionLife: toIntegerConfig(process.env.CMD_SESSION_LIFE),
|
|
tooBusyLag: toIntegerConfig(process.env.CMD_TOOBUSY_LAG),
|
|
imageUploadType: process.env.CMD_IMAGE_UPLOAD_TYPE,
|
|
imgur: {
|
|
clientID: process.env.CMD_IMGUR_CLIENTID
|
|
},
|
|
s3: {
|
|
accessKeyId: process.env.CMD_S3_ACCESS_KEY_ID,
|
|
secretAccessKey: process.env.CMD_S3_SECRET_ACCESS_KEY,
|
|
region: process.env.CMD_S3_REGION,
|
|
endpoint: process.env.CMD_S3_ENDPOINT
|
|
},
|
|
minio: {
|
|
accessKey: process.env.CMD_MINIO_ACCESS_KEY,
|
|
secretKey: process.env.CMD_MINIO_SECRET_KEY,
|
|
endPoint: process.env.CMD_MINIO_ENDPOINT,
|
|
secure: toBooleanConfig(process.env.CMD_MINIO_SECURE),
|
|
port: toIntegerConfig(process.env.CMD_MINIO_PORT)
|
|
},
|
|
lutim: {
|
|
url: process.env.CMD_LUTIM_URL
|
|
},
|
|
s3bucket: process.env.CMD_S3_BUCKET,
|
|
azure: {
|
|
connectionString: process.env.CMD_AZURE_CONNECTION_STRING,
|
|
container: process.env.CMD_AZURE_CONTAINER
|
|
},
|
|
facebook: {
|
|
clientID: process.env.CMD_FACEBOOK_CLIENTID,
|
|
clientSecret: process.env.CMD_FACEBOOK_CLIENTSECRET
|
|
},
|
|
twitter: {
|
|
consumerKey: process.env.CMD_TWITTER_CONSUMERKEY,
|
|
consumerSecret: process.env.CMD_TWITTER_CONSUMERSECRET
|
|
},
|
|
github: {
|
|
clientID: process.env.CMD_GITHUB_CLIENTID,
|
|
clientSecret: process.env.CMD_GITHUB_CLIENTSECRET
|
|
},
|
|
gitlab: {
|
|
baseURL: process.env.CMD_GITLAB_BASEURL,
|
|
clientID: process.env.CMD_GITLAB_CLIENTID,
|
|
clientSecret: process.env.CMD_GITLAB_CLIENTSECRET,
|
|
scope: process.env.CMD_GITLAB_SCOPE
|
|
},
|
|
oauth2: {
|
|
providerName: process.env.CMD_OAUTH2_PROVIDERNAME,
|
|
baseURL: process.env.CMD_OAUTH2_BASEURL,
|
|
userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL,
|
|
userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
|
|
userProfileDisplayNameAttr: process.env.CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR,
|
|
userProfileEmailAttr: process.env.CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR,
|
|
tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
|
|
authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
|
|
clientID: process.env.CMD_OAUTH2_CLIENT_ID,
|
|
clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET,
|
|
scope: process.env.CMD_OAUTH2_SCOPE
|
|
},
|
|
dropbox: {
|
|
clientID: process.env.CMD_DROPBOX_CLIENTID,
|
|
clientSecret: process.env.CMD_DROPBOX_CLIENTSECRET,
|
|
appKey: process.env.CMD_DROPBOX_APPKEY
|
|
},
|
|
google: {
|
|
clientID: process.env.CMD_GOOGLE_CLIENTID,
|
|
clientSecret: process.env.CMD_GOOGLE_CLIENTSECRET,
|
|
hostedDomain: process.env.CMD_GOOGLE_HOSTEDDOMAIN
|
|
},
|
|
ldap: {
|
|
providerName: process.env.CMD_LDAP_PROVIDERNAME,
|
|
url: process.env.CMD_LDAP_URL,
|
|
bindDn: process.env.CMD_LDAP_BINDDN,
|
|
bindCredentials: process.env.CMD_LDAP_BINDCREDENTIALS,
|
|
searchBase: process.env.CMD_LDAP_SEARCHBASE,
|
|
searchFilter: process.env.CMD_LDAP_SEARCHFILTER,
|
|
searchAttributes: toArrayConfig(process.env.CMD_LDAP_SEARCHATTRIBUTES),
|
|
usernameField: process.env.CMD_LDAP_USERNAMEFIELD,
|
|
useridField: process.env.CMD_LDAP_USERIDFIELD,
|
|
tlsca: process.env.CMD_LDAP_TLS_CA
|
|
},
|
|
saml: {
|
|
idpSsoUrl: process.env.CMD_SAML_IDPSSOURL,
|
|
idpCert: process.env.CMD_SAML_IDPCERT,
|
|
issuer: process.env.CMD_SAML_ISSUER,
|
|
identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
|
|
disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
|
|
groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
|
|
externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
|
|
requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),
|
|
attribute: {
|
|
id: process.env.CMD_SAML_ATTRIBUTE_ID,
|
|
username: process.env.CMD_SAML_ATTRIBUTE_USERNAME,
|
|
email: process.env.CMD_SAML_ATTRIBUTE_EMAIL
|
|
}
|
|
},
|
|
email: toBooleanConfig(process.env.CMD_EMAIL),
|
|
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
|
|
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
|
|
openID: toBooleanConfig(process.env.CMD_OPENID),
|
|
linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE
|
|
}
|